Security researcher Kate Temkin has released proof-of-concept code dubbed Fusée Gelée that exploits a bug in Nvidia's Tegra chipsets to run custom code on locked-down devices.
Temkin, who participates in the Nintendo Switch hacking project ReSwitched, has developed a cold-boot hack for the games console that takes advantage of …

COMMENTS

Pwned? This is great!

Nintendo might be pwned here, but if this lets us boot custom firmware and Nintendo can't block it that's a big win for users. Or the few who even know what that means. It's why I still have my bigass launch PS3 instead of one of those cute tiny later versions.

Re: Pwned? This is great!

Re: Pwned? This is great!

> Nintendo Switch users about to get free games.

The Switch has some known and probably unknown anti-piracy measures for its games that will need to be defeated before that, not to mention the custom firmware she is working on needs to be able to successfully launch and maintain [pirated] games... Responsible hackers and users won't bother implementing or using such features, and though it will probably be done eventually, for the time being I hope that is the case here.

Re: Pwned? This is great!

"The Switch has some known and probably unknown anti-piracy measures for its games that will need to be defeated before that, not to mention the custom firmware she is working on needs to be able to successfully launch and maintain [pirated] games..."

Sure. So about another 2 weeks.

"Responsible hackers and users won't bother implementing or using such features,"

Re: "free games"

The principle in question being the right to full and unrestricted access to your own legally purchased property, now and forever, without it ever being arbitrarily "expired" by the manufacturer.

The fact that manufacturers even have the ability to deny you access to your own legally purchased property, using the pretext of ethereal "intellectual property" precedence, is a violation of real property rights and an affront to the entire concept of property ownership. It essentially transforms all transfer of legal title under the law, otherwise known as the sale of goods, into a sort of quasi-rental Ponzi scheme, in which you pay full price for supposed "ownership", but without ever really getting to own that which you paid for.

If these "IP" fanatics want to lease their toys to us, then the transaction should be clearly identified as a lease, not a sale, and the price should be drastically reduced to more accurately reflect the transient nature of the customer's access.

As it stands, we get to buy the house but have no access to the kitchen, which remains owned by Burger King and from which we must buy our meals on a daily basis. Until they decide to stop, shut up shop but retain ownership of an empty kitchen, for reasons of market speculation, at which point we have no choice but to abandon the house we supposedly "own" and buy another.

Sorry, but that's just a racket and should be a criminal offence. Sadly, however, that seems to be the main purpose of "IP" in the modern age, as a weapon to undermine real property rights, forcing consumers to abandon perfectly serviceable real property and re-purchase it over and over again, for no legitimate reason.

If having full and unrestricted access to their legally purchased property means that some people abuse that right to cause harm, then so be it, that's not my responsibility, but I'll be damned if I'm going to be treated like a criminal just because other people break the law.

Frankly, I have about the same respect for these "IP" fanatics' property rights as they have for mine, which is clearly none.

Re: "free games"

While I agree with you that users should be allowed more freedom with the hardware they own, you can't have "real" property rights for something you don't own and control.

For your house analogy, you willingly bought a part of the house that was not owned by Burger King; while on a base level that is applicable to the kinds of situations you are in when purchasing a locked-down piece of hardware with a software store, it is not representative of the legal side of things when applied to the software it runs, and I feel it is a dishonest and distracting comparison.

"Real property rights" imply you have access to and ownership over the property. A digital game that can be copied infinitely, therefore, cannot be subject to the same terms from a rational point of view. In the worst case scenario, if IP rights didn't exist and a company had an exploitable license or none at all, judges could potentially rule in favor of the end-user if they were to buy a copy of a game and resell their own copies. Does that seem right? Not reselling your legally purchased game disc, but infinitely distributable digital copies?

Intellectual property rights exist because of that possibility, to protect the company distributing its easily duplicable software. And even if IP didn't exist, it is usually described clearly in the legal terms that you agree to before sale of games or other software that you are not buying any rights or property ownership of the game, its content, or its copyright: you are buying a license granting you access to use and play the game, which is still owned in full by the company. That is what is meant when you click "Buy" and what the company means when they say they are "selling" to you.

If you really want to live in a world where once you distribute your cool creation digitally you are not legally protected and people can do whatever they want with it even against your will or licensing, keep me far away from it. I would be the first person to license my software under BSD 3-clause, but I would also be the first to defend the declared and desired rights of others, because not everyone wants to give their hard work away for free or wants others to claim it.

Aside, I feel you are a bit fanatical in your presentation, to have the gall to call people that believe in IP laws fanatics!

Re: "free games"

But that's exactly my point. I'm not denying that part of the transaction includes something that is merely licensed rather than sold, I'm explicitly stating that the injection of this leased component into the main article that is being sold is undermining it. It's real property with an "IP" trojan horse designed to essentially destroy it, forcing you to buy another at the manufacturer's whim (planned obsolescence).

The libertarian mentality that this is a "voluntary contract" disingenuously belies the fact that all such products have the same egregious terms, thanks to our universal "IP" regime, and thus the only "voluntary" option you have is, in essence, slavery or death, since you must either resign yourself to being bound by oppressive terms from all quarters, or not play at all. This is why I really don't believe it's an overstatement to characterise this "IP" interference in real property as a racket.

None of the typical excuses made by "IP" apologists stand up to any scrutiny. The ease with which something can be done is neither a legal nor moral argument. It's not even a sound economic argument, given that multiple vendors happily coexist selling functionally identical physical products in every other market, including real estate.

I'm merely pointing out that the current "IP" regime is an assault on consumer rights, that it hypocritically defends its own fake "property" rights (as in "property" which is purely ethereal, largely plagiarised, and consequently to which their title under the law has been mandated to expire after a given term, clearly defining it as a privilege issued purely for pragmatic reasons, unlike inalienable real property rights), whilst simultaneously riding roughshod over everyone else's real property rights.

Sorry, but I really don't believe that complaining about such a blatant racket qualifies as fanaticism.

Re: "free games"

Don't get me wrong, I'd love it if every game console came with the source code to all of its software and all the games you purchased included the source code, but how would that at all be beneficial to the company at the end of the day? Look at what happened to the fidget cube: the original designers sent blueprints to manufacturers to assemble the product, but they ended up getting distributed and the designers lost out on a huge market capitalization when clones of their product were put up for sale before theirs even was!

If companies are not to protect their investment, how will that work out? Digital media is much easier to plagiarize than physical hardware; where that hardware takes factories and production lines to exist, software only takes a compiler and some know-how. It is much more persistent, as well; while hardware will eventually decay and rot away, bit rot is a very slow process that can be easily mitigated for cheap. This isn't the 80's where you can sell floppies to companies and the chances of that data being copied, modified, or resold were slim to none, at least to the level of quality that the specialized vendor was able to supply.

If IP is not the answer, what should be done? Should companies be forced to support obsolescent products at risk of a fine? Should companies be liable if they stop releasing digital content for their hardware platform before a specific date? Should hardware vendors be forced to open their source code and blueprints to the public? What is the alternative to software intellectual property in a hardware system that does not impact the profits of the company, and does not allow immediate and unrestricted plagiarism of that product?

For the record, I upvoted that post. It was much clearer than your first.

Re: "free games"

"No, it's about principles, not freeloading."

It is about free games for the vast majority of people. I might actually buy a Switch if the games are free. After all there is little other reason to buy the crappiest of the latest generation of consoles.

Re: "free games"

> It is about free games for the vast majority of people. I might actually buy a Switch if the games are free. After all there is little other reason to buy the crappiest of the latest generation of consoles.

Yeah, I overheard a staffer in a shop lying to a customer, saying the Switch replaced the Wii U...

No, it didn't. There isn't a Switch equivalent of Wii Fit U (or any other version of Wii Fit for that matter) and it won't run the Wii / Wii U versions, so it can't replace my Wii U. (I only really have it for Wii Fit, thanks, otherwise I'd have bought something else or nothing at all. The late Mrs Cynic thought it was a good idea, and I didn't disagree, so that's what we bought.)

Re: Switch replaced WiiU

The Switch did replace the Wii U as Nintendo's "Flagship" console, to the point where new Wii Us are getting hard to find.

It's like the new iPhones replacing the old ones, even though they don't have a headphone jack. Or the XBone replacing the Xbox 360, even though it wasn't originally backwards compatible. Or the N64 replacing the SNES even though it couldn't use the Powerglove.

Re: Switch replaced WiiU

> The Switch did replace the Wii U as Nintendo's "Flagship" console, to the point where new Wii Us are getting hard to find.

For sure, but it isn't a *functionality* replacement. Fussy argument about what we mean by "replace", I guess. Either way, I can't replace my Wii U with a Switch because the thing I use it for isn't available on Switch.

Re: "principles, not freeloading"

Can you please not talk about "real property rights". Pretty please?

The problem is that "real property" is a legal term (it means land and buildings, as opposed to personalty or "personal property" - like clothes or consoles). "actual property rights" or "genuine property rights" would be fine.

(As an aside, I think you overstate your case. If the transaction was changed to "leasing", I predict that the price the market would bear would be almost completely unchanged.)

Re: "principles, not freeloading"

Re: "free games"

When you buy stuff, you don't magically have universal 'property rights' to do with it what you will - and certainly don't have moral rights. People claiming that this is a 'win' against the cruel corporations really need to gain a little perspective. Your only right in that respect is to choose not to buy something if it does not suit your needs.

On the other hand, it sounds like a smart little hack. The Switch is a lovely bit of hardware and being able to run arbitrary code on it is neat. It's just a shame that the zealots will go from there to distributing games for free because apparently they believe that too is their 'right'.

Re: Pwned? This is great!

> Sorry, but that's just a racket and should be a criminal offence.

I dunno, my friend knowingly bought a Nintendo Switch for the sole purpose of playing a handful of 1st party Nintendo games, starting with Zelda and then probably Mario and Mario Kart. He's very happy with his informed choice.

Undermining a console's defences to run emulators and such, well, that's what his PS2 and PSP are for.

Re: Pwned? This is great!

> Undermining a console's defences to run emulators and such, well, that's what his PS2 and PSP are for.

Your friend should probably get a PS Vita FW >3.60 instead now. It blows the roof off the PSP. Though you will still need one of those wretched bespoke memory cards to get yourself set up. Thankfully we now have MicroSD2PSV adapters to deal with all of that.

Re: Pwned? This is great!

There is nothing worth playing that isn't first party. Even then Nintendo get a free pass. Everyone raved about Zelda despite it looking like and playing like crap, and basically a poor man's Horizon Zero Dawn.

Re: Pwned? This is great!

It's possible that some games are better on other platforms, but that's a long way from 'nothing worth playing'. If the 'better platform' is a PC, that has associated maintenance and lack of portability, two advantages the Switch wins on.

Re: Pwned? This is great!

The PS4 always ran PS4 games. Now a hacked PS4 will happily run repackaged PS2 games, and pretty much all the older generation consoles' games too via emulators, since the homebrew scene has been busy porting them to it.

Honorable mention to the PS3, which has also been heavily cracked and had CFWs modified to cover a lot more models, so you don't need an original phat now to play with them.

For me consoles come of age when I can hook up an external drive, put all the games I own on that, and play them without having to get up to swap discs.

Re: Pwned? This is great!

The Tegra is hardly a "budget" chip. It was one of the most expensive mobile SoCs available, due to its highly capable GPU.

It was largely rejected by tablet makers because it cost 3x or 4x a MediaTek SoC. From their perspective, any chip that could decode full motion video (generally a hard-wired functional unit) was good enough. Consumers buy on the quality of the screen, and a bit on the overall feel and physical construction. They bitch later in reviews if the touch screen is crap. They aren't very particular about GPU speed unless they are gaming.

Re: Launch PS3s

Unless you have the "A" or "B" model phats... (e.g. the ones which came with the PS2's Emotion Engine [hardware chip]). I would have recommended the middle of the road Slim models from ca. 2009, as these consumed a lot less power. And while we're on the topic of hacking, they are also capable of playing some PS2 games via an undisclosed software emulator which S0NY provided (probably for use with the PS2 Classics HD Remaster series). They can also play pretty much any and all PSP games as well.

As for Team Xecuter... Well there's a Team I haven't heard from since the days of the old XBOX. I'm kinda surprised to hear that they are still 'round.

Re: An Nvidious flaw

Re: An Nvidious flaw

I feel that, after a certain amount of time on the market, no anti-piracy measure is of any use. It's there to protect first-day, really, isn't it?

The Wii didn't really suffer from pirateable games, did it? And some devices there was probably no copy protection at all and yet they survived just as well - everything from the NES/Gameboy, I should imagine.

Though I get why they have to TRY to put it on, they know just as well as we do that it's ultimately just a hindrance. So they have to look like they're trying, limit the obvious, make it clear that there are "hacked" and "unhacked" devices and that it's not easy for one to change from one to the other (granny isn't going to do it, is she?). At that point, the people who WANT a hacked device - you're not really going to stop them, are you? They'll happily unsolder every ROM and replace it with a custom one if they want, and then sell them to others who want that kind of device.

I can't imagine it hits their sales that much - such people would rather spend £200 on the hack than £50 on a game anyway.

I think, like Steam, Nintendo get the balance right. I can't ever remember being hindered by their copy protection or usage policies (e.g. "you can use your account on one machine at a time", etc.). They put in enough that I'd think "Bah, not worth messing with", even as a tinkerer, but not enough that I'm swearing at the machine to just play my game.

Re: An Nvidious flaw

A downloadable game is linked to a Nintendo Account, and the account is linked to 1 (one) Switch.

Now if Nintendo are serious about wanting to sell more than one Switch per household, they need to fix this - they need to be able to set up family accounts and group accounts allow games to be downloaded by everyone in the family.

The alternative is buying one cartridge which works with every Switch in the household.

They also need save game backups in case the Switch dies or gets stolen but that's another problem. Since the Wii they've been terrified of game save backups due to exploits so they won't allow local save game backups, but they're too tight to make it cloudy.

Re: Yawn

Re: Yawn

While entirely possible to get pwned by someone with hardware access, I am entirely looking forward to playing stick figure ragdoll homebrew, putting a clock and battery HUD over my games, and using my Switch as a TV remote... Ah, wait, I'm thinking of the PSP.

Re: Yawn

I'm looking forward to having full-scale demos on my switch, myself. Yes, I can afford to buy retail games. No, I'm not going to buy a game at retail, get 10 minutes into it, and regret making a £60 mistake.

Re: Nintendo vs Sony

Re: Nintendo vs Sony

Was that Geohot? I thought his task was to re-implement the 'Other OS' function that got stripped out, because he managed to slowly work out how to address the RSX chip from userspace.

Whereas Team 0verFl0w were the ones who discovered the bug in S0NY's code that basically made the RNG, well, slightly less random. And, in point of fact, were able to fully extract S0NY's super secret private key (FW 3.55) that way. And the rest, as they say, was history.*

*Though as I understand it, most of this actually came via the PSP, and not so much the PS3 itself, insofar as they both shared much of the same underlying kernel.
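The comment above recalls the PS3 signing key being extracted because the "random" nonce was not random. The following is an added example, not code from the page, from the commenter, or from any of the teams mentioned; it shows the underlying arithmetic: ECDSA needs a fresh secret nonce k for every signature, and two signatures that share k leak the private key through two linear equations. It runs textbook ECDSA on secp256k1 in pure Python with a constructed private key, a constructed constant nonce and constructed messages (all labelled), recovers the key from two signatures, and then shows the defender's fix: deriving the nonce from the key and message (RFC 6979 in spirit, simplified here to one HMAC) so it never repeats across distinct messages.

```python
"""Added example: why a repeated ECDSA nonce gives away the private key,
and how a deterministic nonce prevents it. Key, nonce and messages below
are constructed for the demo."""
import hashlib
import hmac

# secp256k1 domain parameters (curve y^2 = x^3 + 7 over GF(P)).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def point_add(p1, p2):
    """Affine point addition; None represents the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def scalar_mult(k, point):
    """Double-and-add scalar multiplication (not constant-time; demo only)."""
    result = None
    while k:
        if k & 1:
            result = point_add(result, point)
        point = point_add(point, point)
        k >>= 1
    return result


def hash_to_int(msg):
    """SHA-256 of the message as an integer, reduced mod N for simplicity."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def sign(d, msg, k):
    """Textbook ECDSA: r = (kG).x mod N, s = k^-1 (z + r d) mod N."""
    z = hash_to_int(msg)
    r = scalar_mult(k, G)[0] % N
    s = pow(k, -1, N) * (z + r * d) % N
    return r, s


def verify(pub, msg, sig):
    r, s = sig
    z = hash_to_int(msg)
    w = pow(s, -1, N)
    pt = point_add(scalar_mult(z * w % N, G), scalar_mult(r * w % N, pub))
    return pt is not None and pt[0] % N == r


def recover_private_key(msg1, sig1, msg2, sig2):
    """Two signatures with the same k share r: k = (z1 - z2)/(s1 - s2),
    then d = (s1 k - z1)/r, all mod N."""
    r1, s1 = sig1
    r2, s2 = sig2
    if r1 != r2:
        raise ValueError("different r values: the nonce was not reused")
    z1, z2 = hash_to_int(msg1), hash_to_int(msg2)
    k = (z1 - z2) * pow(s1 - s2, -1, N) % N
    return (s1 * k - z1) * pow(r1, -1, N) % N


def deterministic_nonce(d, msg):
    """Mitigation: derive k from key and message (RFC 6979 in spirit,
    simplified to a single HMAC-SHA256) so distinct messages never share k."""
    mac = hmac.new(d.to_bytes(32, "big"), hashlib.sha256(msg).digest(), hashlib.sha256)
    return int.from_bytes(mac.digest(), "big") % (N - 1) + 1


# Constructed demo values: a made-up private key and a fixed "random" nonce.
PRIVATE_KEY = 0xC0FFEE00C0FFEE00C0FFEE00C0FFEE00C0FFEE00C0FFEE00C0FFEE00C0FFEE00
CONSTANT_K = 0x5EEDF00D5EEDF00D5EEDF00D5EEDF00D5EEDF00D5EEDF00D5EEDF00D5EEDF00D
PUBLIC_KEY = scalar_mult(PRIVATE_KEY, G)
MSG1 = b"firmware-image-A (constructed)"
MSG2 = b"firmware-image-B (constructed)"


def demo():
    """Returns (key recovered from constant-nonce signatures,
    (r1, r2) from deterministic-nonce signatures, which must differ)."""
    sig1 = sign(PRIVATE_KEY, MSG1, CONSTANT_K)
    sig2 = sign(PRIVATE_KEY, MSG2, CONSTANT_K)
    recovered = recover_private_key(MSG1, sig1, MSG2, sig2)
    safe1 = sign(PRIVATE_KEY, MSG1, deterministic_nonce(PRIVATE_KEY, MSG1))
    safe2 = sign(PRIVATE_KEY, MSG2, deterministic_nonce(PRIVATE_KEY, MSG2))
    return recovered, (safe1[0], safe2[0])


if __name__ == "__main__":
    rec, (ra, rb) = demo()
    print("key recovered:", rec == PRIVATE_KEY, "| deterministic nonces differ:", ra != rb)
```

The recovery step uses nothing but the two public signatures and the signed messages, which is why a signing nonce must be both secret and unique; a verifier cannot detect the weakness from a single signature, and the practical defence on the signing side is deterministic or properly seeded nonce generation plus auditing the signer for repeated r values.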

Re: Nintendo vs Sony

Isn't the ability to run custom code a feature, not a bug?

I remember the first gen PSP which had a similar 'bug'. Obviously Sony was displeased because of 'ze piracy', and patched it up in future revisions of the device. But it was precisely of that 'bug' that the first gen PSP became an expensive and highly demanded device in the resale market.

Re: Isn't the ability to run custom code a feature, not a bug?

Re: Isn't the ability to run custom code a feature, not a bug?

> the first gen PSP became an expensive and highly demanded device in the resale market.

And then the FSM battery hack got discovered, and that pretty much had everything up to, if not including, the PSP Go covered as well. Strange that the VERY FIRST attack on the PS3 also came via this method. But that was before Team 0verFl0w managed to get their beaky noses into the code, just to discover that someone in Tokyo had probably been sleeping on the job when they were meant to write a hardened RNG instead.

Sweet!

So would this also affect the nVIDIA Shield TVs?

Seeing as the Switch was built on the same SoC as the Shield (Android) TV was. Problem is I'm less sure about a use case here. As it's simple as pie to unlock the bootloader via an ADB instance, and pretty much install whatever you like. So I wonder if this will eventually lead to getting Switch-only games to run on the Shield TV?

Re: Linux?

fail0verflow

It looks like it was separately discovered by other people as well:

https://fail0verflow.com/blog/2018/shofel2/

"but then someone published the 0day bug two days before our 90-day disclosure window was set to expire on April 25th. Oh well. Yes, this is the same bug that is exploited by fusée gelée, and that was just leaked by some other group (but we found it first)."

They also have a GitHub page with enough instructions for those with a certain amount of technical knowledge to boot Linux on a Switch.

WTF is a Nintendo Switch?

Wow. As someone who used to own every console system he could, I fall asleep for a couple of years enjoying PC gaming, and on reading this story, had to ask, "WTF is a Nintendo Switch?" Having looked it up now, and having an answer, I still have to ask the same question, "WTF is a Nintendo Switch?"

I think the people at Nintendo have lost their minds. (They're also a little too tablet-obsessed.) I miss the days when the games were about the games, not stupid hardware gimmicks.

Console EOL = unlock to allow custom firmware?

I'm curious to see what others would think of this idea. If a console is EOL with no new games produced and only second-hand games as the way to purchase ones you don't own, would it be unreasonable to have the manufacturer release an optional firmware that allows users to do whatever they want? You would have express conditions to install this firmware, among them the fact you lose the ability to play your existing games, and couldn't do it accidentally. You could also go back to the last official release to play normal games again.

The manufacturer wouldn't be making any money on old consoles or games and it would only benefit those who want to do more with a product they own or could get relatively cheaply. Anyone wanting to hack a system to get free games will find a way to do that regardless. I didn't give pros / cons a lot of thought but I see manufacturers as never doing it because it gives them nothing in return. Maybe they could charge a nominal fee for the firmware? $10 to unlock your Switch (when it's finished) for whatever you want to do with it?

Re: Console EOL = unlock to allow custom firmware?

Have you seen Nintendo's stance on homebrew? They believe it's the same as piracy. Even if you only wanted to play an emulated version of Chuckie Egg all day or use the console as a media player you're Breaking The Law.

Shame their Virtual Console "leveraged" open source emulators without credit and also used downloaded ROMs.

Re: Console EOL = unlock to allow custom firmware?

That's a beautiful sentiment, but won't happen before cats and dogs live together... Nintendo has really weird ideas on piracy, as some other people have commented.

Legal or not, that's what allowed me to bring a Wii back from the dead: I really liked that console and have a big pile of games for it, so when the DVD drive failed after 4 years of use, I replaced it. When it failed *again* after 5 more years I couldn't source a new drive at a decent price so I installed Homebrew and now can play my library of games from an external HDD, as well as running a couple of emulators.

If not for Homebrew, the console would have been tossed into the garbage bin a long time ago and who would have benefitted from that? not me and certainly not Nintendo (as I wouldn't replace it with another Wii)